Aaron Patterson
2013-Jan-08 20:20 UTC
[SEC][ANN] Rails 3.2.11, 3.1.10, 3.0.19, and 2.3.15 have been released!
Hi everybody. I''d like to announce that 3.2.11, 3.1.10, 3.0.19, and 2.3.15 have been released. These releases contain two **extremely critical security fixes** so please update **IMMEDIATELY**. You can read about the security fixes by following these links: * [CVE-2013-0155](https://groups.google.com/group/rubyonrails-security/browse_thread/thread/b75585bae4326af2) * [CVE-2013-0156](https://groups.google.com/group/rubyonrails-security/browse_thread/thread/eb56e482f9d21934) In order to ease upgrading, the only major changes in each gem are the security fixes. To see the detailed changes for each version, follow the links below: * [Changes in 3.2.11](https://github.com/rails/rails/compare/v3.2.10...v3.2.11) * [Changes in 3.1.10](https://github.com/rails/rails/compare/v3.1.9...v3.1.10) * [Changes in 3.0.19](https://github.com/rails/rails/compare/v3.0.18...v3.0.19) * [Changes in 2.3.15](https://github.com/rails/rails/compare/v2.3.14...v2.3.15) Thanks to the people who responsibly reported these security issues. Here are the SHA-1 checksums for each gem: ### 3.2.11 ``` [aaron@higgins dist]$ shasum *3.2.11* 933cd2821b30cdff4a2e0b5cc63f4d2c6b29affe actionmailer-3.2.11.gem 54731c51b55bf0215392971b982139775c0bfa2b actionpack-3.2.11.gem 5ccde66568d8051405c01063f1afaed13bd01082 activemodel-3.2.11.gem f360c17968486479b0a4207e7eccbe379186a9d2 activerecord-3.2.11.gem c61ff513be8a8aef898d2e5c4c9508d60727c556 activeresource-3.2.11.gem 41a4e8c382594283026d977554c1e18233198ca8 activesupport-3.2.11.gem 8fa6d19a0daea910e39a0911b2240c2a7b630fb1 rails-3.2.11.gem ffaec7c3e5211283108cf5afab8e79be76090a0d railties-3.2.11.gem ``` ### 3.1.10 ``` [aaron@higgins dist]$ shasum *3.1.10* e3dce983ebd0ee8970c5ddab46b05ac432c8b029 actionmailer-3.1.10.gem 84e536e732255e5dfd3d8053c10ed98dcb45ac80 actionpack-3.1.10.gem db1a3ac836d988dc1fc7c64d29ded7a277047419 activemodel-3.1.10.gem ea3ad8514265516033009d97efc1fe7b3d2b09ed activerecord-3.1.10.gem 0843646278b42d9ca796e157295851fd9938fe96 activeresource-3.1.10.gem b55ef7f66de0bb79fcfa480e8df3696bffbff7f8 activesupport-3.1.10.gem 4ed7d159191faa1a469cd9efdf9e6a4cdc907195 rails-3.1.10.gem f288986df0fabd2035569199ea3d5f1f46a56db7 railties-3.1.10.gem ``` ### 3.0.19 ``` [aaron@higgins dist]$ shasum *3.0.19* f8376f907b2230ac75882e1a3cfa8d5cdd6df800 actionmailer-3.0.19.gem 68b319d86530a5d4291e13d6ab5f357a1e52c05b actionpack-3.0.19.gem f0fb577ea7446ff229752bc799ca86dd53aa9cda activemodel-3.0.19.gem c12324d78b22697d426148010901f79b366c0502 activerecord-3.0.19.gem 8dbc7c8c80f5baeec823966aa225b23f4c2a799c activeresource-3.0.19.gem b525b778f82f844a56ff993211825b9811bf82bd activesupport-3.0.19.gem c2beb0711d28a07cb2747c83962c7d453951e2d6 rails-3.0.19.gem de286ada16b3fc76129767dc612926e0b4f71dda railties-3.0.19.gem ``` ### 2.3.15 ``` [aaron@higgins dist]$ shasum *2.3.15* 5ce45c70851dd534a72814620a6e57b42d360b88 actionmailer-2.3.15.gem fa174c40f17fa5db952ba3a7c95a4ab0b5467594 actionpack-2.3.15.gem e7391c92c82f974be7e65765819824e87bdb3cfd activerecord-2.3.15.gem 4644b7a27993f7860d9e176f51dfa52d8f029ec9 activeresource-2.3.15.gem 64843e3676c20a49060605546dfcdddaef2ea1a8 activesupport-2.3.15.gem c8c0c49c63ca0f9acc3e0967b38d92b1c0b115af rails-2.3.15.gem ``` <3<3<3 -- Aaron Patterson http://tenderlovemaking.com/
Henrik Ormåsen
2013-Jan-10 13:39 UTC
Re: [SEC][ANN] Rails 3.2.11, 3.1.10, 3.0.19, and 2.3.15 have been released!
How about 2.2? I''m using yaml, but not xml. How can I fix it? On Tuesday, January 8, 2013 9:20:48 PM UTC+1, Aaron Patterson wrote:> > Hi everybody. > > I''d like to announce that 3.2.11, 3.1.10, 3.0.19, and 2.3.15 have been > released. These releases contain two **extremely critical security fixes** > so please update **IMMEDIATELY**. > > You can read about the security fixes by following these links: > > * [CVE-2013-0155]( > https://groups.google.com/group/rubyonrails-security/browse_thread/thread/b75585bae4326af2) > > * [CVE-2013-0156]( > https://groups.google.com/group/rubyonrails-security/browse_thread/thread/eb56e482f9d21934) > > > In order to ease upgrading, the only major changes in each gem are the > security fixes. To see the detailed changes for each version, follow the > links below: > > * [Changes in 3.2.11]( > https://github.com/rails/rails/compare/v3.2.10...v3.2.11) > * [Changes in 3.1.10]( > https://github.com/rails/rails/compare/v3.1.9...v3.1.10) > * [Changes in 3.0.19]( > https://github.com/rails/rails/compare/v3.0.18...v3.0.19) > * [Changes in 2.3.15]( > https://github.com/rails/rails/compare/v2.3.14...v2.3.15) > > Thanks to the people who responsibly reported these security issues. > > Here are the SHA-1 checksums for each gem: > > ### 3.2.11 > > ``` > [aaron@higgins dist]$ shasum *3.2.11* > 933cd2821b30cdff4a2e0b5cc63f4d2c6b29affe actionmailer-3.2.11.gem > 54731c51b55bf0215392971b982139775c0bfa2b actionpack-3.2.11.gem > 5ccde66568d8051405c01063f1afaed13bd01082 activemodel-3.2.11.gem > f360c17968486479b0a4207e7eccbe379186a9d2 activerecord-3.2.11.gem > c61ff513be8a8aef898d2e5c4c9508d60727c556 activeresource-3.2.11.gem > 41a4e8c382594283026d977554c1e18233198ca8 activesupport-3.2.11.gem > 8fa6d19a0daea910e39a0911b2240c2a7b630fb1 rails-3.2.11.gem > ffaec7c3e5211283108cf5afab8e79be76090a0d railties-3.2.11.gem > ``` > > ### 3.1.10 > > ``` > [aaron@higgins dist]$ shasum *3.1.10* > e3dce983ebd0ee8970c5ddab46b05ac432c8b029 actionmailer-3.1.10.gem > 84e536e732255e5dfd3d8053c10ed98dcb45ac80 actionpack-3.1.10.gem > db1a3ac836d988dc1fc7c64d29ded7a277047419 activemodel-3.1.10.gem > ea3ad8514265516033009d97efc1fe7b3d2b09ed activerecord-3.1.10.gem > 0843646278b42d9ca796e157295851fd9938fe96 activeresource-3.1.10.gem > b55ef7f66de0bb79fcfa480e8df3696bffbff7f8 activesupport-3.1.10.gem > 4ed7d159191faa1a469cd9efdf9e6a4cdc907195 rails-3.1.10.gem > f288986df0fabd2035569199ea3d5f1f46a56db7 railties-3.1.10.gem > ``` > > ### 3.0.19 > > ``` > [aaron@higgins dist]$ shasum *3.0.19* > f8376f907b2230ac75882e1a3cfa8d5cdd6df800 actionmailer-3.0.19.gem > 68b319d86530a5d4291e13d6ab5f357a1e52c05b actionpack-3.0.19.gem > f0fb577ea7446ff229752bc799ca86dd53aa9cda activemodel-3.0.19.gem > c12324d78b22697d426148010901f79b366c0502 activerecord-3.0.19.gem > 8dbc7c8c80f5baeec823966aa225b23f4c2a799c activeresource-3.0.19.gem > b525b778f82f844a56ff993211825b9811bf82bd activesupport-3.0.19.gem > c2beb0711d28a07cb2747c83962c7d453951e2d6 rails-3.0.19.gem > de286ada16b3fc76129767dc612926e0b4f71dda railties-3.0.19.gem > ``` > > ### 2.3.15 > > ``` > [aaron@higgins dist]$ shasum *2.3.15* > 5ce45c70851dd534a72814620a6e57b42d360b88 actionmailer-2.3.15.gem > fa174c40f17fa5db952ba3a7c95a4ab0b5467594 actionpack-2.3.15.gem > e7391c92c82f974be7e65765819824e87bdb3cfd activerecord-2.3.15.gem > 4644b7a27993f7860d9e176f51dfa52d8f029ec9 activeresource-2.3.15.gem > 64843e3676c20a49060605546dfcdddaef2ea1a8 activesupport-2.3.15.gem > c8c0c49c63ca0f9acc3e0967b38d92b1c0b115af rails-2.3.15.gem > ``` > > <3<3<3 > > -- > Aaron Patterson > http://tenderlovemaking.com/ >-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-talk/-/36RchKI_C_oJ. For more options, visit https://groups.google.com/groups/opt_out.
Xiao Zhao
2013-Jan-10 16:14 UTC
Re: [SEC][ANN] Rails 3.2.11, 3.1.10, 3.0.19, and 2.3.15 have been released!
I''ve upgraded to 3.0.19 yesterday, should I upgrade again today or something? gem "rails", "~> 3.0.19" that''s what''s in my Gemfile On Tuesday, 8 January 2013 15:20:48 UTC-5, Aaron Patterson wrote:> > Hi everybody. > > I''d like to announce that 3.2.11, 3.1.10, 3.0.19, and 2.3.15 have been > released. These releases contain two **extremely critical security fixes** > so please update **IMMEDIATELY**. > > You can read about the security fixes by following these links: > > * [CVE-2013-0155]( > https://groups.google.com/group/rubyonrails-security/browse_thread/thread/b75585bae4326af2) > > * [CVE-2013-0156]( > https://groups.google.com/group/rubyonrails-security/browse_thread/thread/eb56e482f9d21934) > > > In order to ease upgrading, the only major changes in each gem are the > security fixes. To see the detailed changes for each version, follow the > links below: > > * [Changes in 3.2.11]( > https://github.com/rails/rails/compare/v3.2.10...v3.2.11) > * [Changes in 3.1.10]( > https://github.com/rails/rails/compare/v3.1.9...v3.1.10) > * [Changes in 3.0.19]( > https://github.com/rails/rails/compare/v3.0.18...v3.0.19) > * [Changes in 2.3.15]( > https://github.com/rails/rails/compare/v2.3.14...v2.3.15) > > Thanks to the people who responsibly reported these security issues. > > Here are the SHA-1 checksums for each gem: > > ### 3.2.11 > > ``` > [aaron@higgins dist]$ shasum *3.2.11* > 933cd2821b30cdff4a2e0b5cc63f4d2c6b29affe actionmailer-3.2.11.gem > 54731c51b55bf0215392971b982139775c0bfa2b actionpack-3.2.11.gem > 5ccde66568d8051405c01063f1afaed13bd01082 activemodel-3.2.11.gem > f360c17968486479b0a4207e7eccbe379186a9d2 activerecord-3.2.11.gem > c61ff513be8a8aef898d2e5c4c9508d60727c556 activeresource-3.2.11.gem > 41a4e8c382594283026d977554c1e18233198ca8 activesupport-3.2.11.gem > 8fa6d19a0daea910e39a0911b2240c2a7b630fb1 rails-3.2.11.gem > ffaec7c3e5211283108cf5afab8e79be76090a0d railties-3.2.11.gem > ``` > > ### 3.1.10 > > ``` > [aaron@higgins dist]$ shasum *3.1.10* > e3dce983ebd0ee8970c5ddab46b05ac432c8b029 actionmailer-3.1.10.gem > 84e536e732255e5dfd3d8053c10ed98dcb45ac80 actionpack-3.1.10.gem > db1a3ac836d988dc1fc7c64d29ded7a277047419 activemodel-3.1.10.gem > ea3ad8514265516033009d97efc1fe7b3d2b09ed activerecord-3.1.10.gem > 0843646278b42d9ca796e157295851fd9938fe96 activeresource-3.1.10.gem > b55ef7f66de0bb79fcfa480e8df3696bffbff7f8 activesupport-3.1.10.gem > 4ed7d159191faa1a469cd9efdf9e6a4cdc907195 rails-3.1.10.gem > f288986df0fabd2035569199ea3d5f1f46a56db7 railties-3.1.10.gem > ``` > > ### 3.0.19 > > ``` > [aaron@higgins dist]$ shasum *3.0.19* > f8376f907b2230ac75882e1a3cfa8d5cdd6df800 actionmailer-3.0.19.gem > 68b319d86530a5d4291e13d6ab5f357a1e52c05b actionpack-3.0.19.gem > f0fb577ea7446ff229752bc799ca86dd53aa9cda activemodel-3.0.19.gem > c12324d78b22697d426148010901f79b366c0502 activerecord-3.0.19.gem > 8dbc7c8c80f5baeec823966aa225b23f4c2a799c activeresource-3.0.19.gem > b525b778f82f844a56ff993211825b9811bf82bd activesupport-3.0.19.gem > c2beb0711d28a07cb2747c83962c7d453951e2d6 rails-3.0.19.gem > de286ada16b3fc76129767dc612926e0b4f71dda railties-3.0.19.gem > ``` > > ### 2.3.15 > > ``` > [aaron@higgins dist]$ shasum *2.3.15* > 5ce45c70851dd534a72814620a6e57b42d360b88 actionmailer-2.3.15.gem > fa174c40f17fa5db952ba3a7c95a4ab0b5467594 actionpack-2.3.15.gem > e7391c92c82f974be7e65765819824e87bdb3cfd activerecord-2.3.15.gem > 4644b7a27993f7860d9e176f51dfa52d8f029ec9 activeresource-2.3.15.gem > 64843e3676c20a49060605546dfcdddaef2ea1a8 activesupport-2.3.15.gem > c8c0c49c63ca0f9acc3e0967b38d92b1c0b115af rails-2.3.15.gem > ``` > > <3<3<3 > > -- > Aaron Patterson > http://tenderlovemaking.com/ >-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-talk/-/x02mEBp6lnYJ. For more options, visit https://groups.google.com/groups/opt_out.
Walter Lee Davis
2013-Jan-10 20:15 UTC
Re: [SEC][ANN] Rails 3.2.11, 3.1.10, 3.0.19, and 2.3.15 have been released!
AFAIK 3.0.19 is the latest version, the alert refers to updating to this version. Keep an eye on the release channel (this list gets notified very immediately) for any further updates coming soon. There may be another version replacing 3.2.11, possibly the same fix will be rolled into 3.0.x as well. Walter On Jan 10, 2013, at 11:14 AM, Xiao Zhao wrote:> I''ve upgraded to 3.0.19 yesterday, should I upgrade again today or something? > > gem "rails", "~> 3.0.19" > > that''s what''s in my Gemfile > > On Tuesday, 8 January 2013 15:20:48 UTC-5, Aaron Patterson wrote: > Hi everybody. > > I''d like to announce that 3.2.11, 3.1.10, 3.0.19, and 2.3.15 have been released. These releases contain two **extremely critical security fixes** so please update **IMMEDIATELY**. > > You can read about the security fixes by following these links: > > * [CVE-2013-0155](https://groups.google.com/group/rubyonrails-security/browse_thread/thread/b75585bae4326af2) > * [CVE-2013-0156](https://groups.google.com/group/rubyonrails-security/browse_thread/thread/eb56e482f9d21934) > > In order to ease upgrading, the only major changes in each gem are the security fixes. To see the detailed changes for each version, follow the links below: > > * [Changes in 3.2.11](https://github.com/rails/rails/compare/v3.2.10...v3.2.11) > * [Changes in 3.1.10](https://github.com/rails/rails/compare/v3.1.9...v3.1.10) > * [Changes in 3.0.19](https://github.com/rails/rails/compare/v3.0.18...v3.0.19) > * [Changes in 2.3.15](https://github.com/rails/rails/compare/v2.3.14...v2.3.15) > > Thanks to the people who responsibly reported these security issues. > > Here are the SHA-1 checksums for each gem: > > ### 3.2.11 > > ``` > [aaron@higgins dist]$ shasum *3.2.11* > 933cd2821b30cdff4a2e0b5cc63f4d2c6b29affe actionmailer-3.2.11.gem > 54731c51b55bf0215392971b982139775c0bfa2b actionpack-3.2.11.gem > 5ccde66568d8051405c01063f1afaed13bd01082 activemodel-3.2.11.gem > f360c17968486479b0a4207e7eccbe379186a9d2 activerecord-3.2.11.gem > c61ff513be8a8aef898d2e5c4c9508d60727c556 activeresource-3.2.11.gem > 41a4e8c382594283026d977554c1e18233198ca8 activesupport-3.2.11.gem > 8fa6d19a0daea910e39a0911b2240c2a7b630fb1 rails-3.2.11.gem > ffaec7c3e5211283108cf5afab8e79be76090a0d railties-3.2.11.gem > ``` > > ### 3.1.10 > > ``` > [aaron@higgins dist]$ shasum *3.1.10* > e3dce983ebd0ee8970c5ddab46b05ac432c8b029 actionmailer-3.1.10.gem > 84e536e732255e5dfd3d8053c10ed98dcb45ac80 actionpack-3.1.10.gem > db1a3ac836d988dc1fc7c64d29ded7a277047419 activemodel-3.1.10.gem > ea3ad8514265516033009d97efc1fe7b3d2b09ed activerecord-3.1.10.gem > 0843646278b42d9ca796e157295851fd9938fe96 activeresource-3.1.10.gem > b55ef7f66de0bb79fcfa480e8df3696bffbff7f8 activesupport-3.1.10.gem > 4ed7d159191faa1a469cd9efdf9e6a4cdc907195 rails-3.1.10.gem > f288986df0fabd2035569199ea3d5f1f46a56db7 railties-3.1.10.gem > ``` > > ### 3.0.19 > > ``` > [aaron@higgins dist]$ shasum *3.0.19* > f8376f907b2230ac75882e1a3cfa8d5cdd6df800 actionmailer-3.0.19.gem > 68b319d86530a5d4291e13d6ab5f357a1e52c05b actionpack-3.0.19.gem > f0fb577ea7446ff229752bc799ca86dd53aa9cda activemodel-3.0.19.gem > c12324d78b22697d426148010901f79b366c0502 activerecord-3.0.19.gem > 8dbc7c8c80f5baeec823966aa225b23f4c2a799c activeresource-3.0.19.gem > b525b778f82f844a56ff993211825b9811bf82bd activesupport-3.0.19.gem > c2beb0711d28a07cb2747c83962c7d453951e2d6 rails-3.0.19.gem > de286ada16b3fc76129767dc612926e0b4f71dda railties-3.0.19.gem > ``` > > ### 2.3.15 > > ``` > [aaron@higgins dist]$ shasum *2.3.15* > 5ce45c70851dd534a72814620a6e57b42d360b88 actionmailer-2.3.15.gem > fa174c40f17fa5db952ba3a7c95a4ab0b5467594 actionpack-2.3.15.gem > e7391c92c82f974be7e65765819824e87bdb3cfd activerecord-2.3.15.gem > 4644b7a27993f7860d9e176f51dfa52d8f029ec9 activeresource-2.3.15.gem > 64843e3676c20a49060605546dfcdddaef2ea1a8 activesupport-2.3.15.gem > c8c0c49c63ca0f9acc3e0967b38d92b1c0b115af rails-2.3.15.gem > ``` > > <3<3<3 > > -- > Aaron Patterson > http://tenderlovemaking.com/ > > -- > You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. > To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-talk/-/x02mEBp6lnYJ. > For more options, visit https://groups.google.com/groups/opt_out. > >-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.